It was my understanding that this type of check is done in the authorize and the
authenticate sections. However, I checked and sure enough I had the unix
module listed in accounting. I removed this, restarted the server and had the
same results (no ldap/group checks).
Just for fun, I threw ldap into accounting and radiusd promptly yelled at me for
being an idiot.
I have actually been whittling down my modules per section throughout last week
attempting to get this to work. It is well within the realm of possibility that I may
have removed a module which could interfere with config-debugging efforts. I
have pasted my config below your quoted message.
BTW, your comment about adding an Ldap-Group attribute both encourages and
disturbs me. What is the status of checking for ldap group membership in
freeradius (0.5)?
> Well it most probably will :-)
> Do you have the unix module in your accounting section? It is needed for
> the radwtmp file (although that should be in a module of its own). If yes try
> removing it. The unix module has a groupcmp function of its own which
> overrides the one registered by the ldap module.
>
> Alan is it ok if I go on and add an Ldap-Group attribute for ldap group
> membership?
>
> --
> Kostas Kalevras Network Operations Center
Section configurations. I have removed the colorful comments in order to save
space.
authorize {
    ldap
}
authenticate {
    ldap {
        notfound = RETURN
    }
}
preacct {
    suffix
    files
    preprocess
}
accounting {
    detail
    radutmp
}
session {
    radutmp
}
John Hogenmiller, kb3dfz
Systems Administrator, Pennswoods.net
1(877)897-4883 x 592
---
Wouldn't the sentence "I want to put a hyphen between the words Fish
and And and And and Chips in my Fish-And-Chips sign" have been clearer if
quotation marks had been placed before Fish, and between Fish and and, and
and and And, and And and and, and and and And, and And and and, and and
and Chips, as well as after Chips?